> > > I was suggesting that SL is an indication that a filtering > > policy has > > > been applied to this network. > > > > seems like a *huge* stretch - several of the ideas for using > > SL have nothing to do with filtering. also, SL strikes me as > > an extremely poor mechanism for communicating filtering policy. > > This is demonstrably untrue. SL is not routable between autonomous > administrations without explicit coordination to remove ambiguity.
so what? the app cannot make ANY reasonable assumptions about the intent of the site based merely on the fact that it gets an SL address. it cannot reasonably assume that SL addresses are more stable, because intrasite renumbering may be more common than intersite renumbering. it cannot assume that SL addresses have narrower scope, because it might not actually be connected to the global internet even if it has a global prefix. it cannot assume that SL addresses are trustworthy, because the distribution of threats varies from one site to another and internal threats are often more dangerous than external threats. all of your arguments about security benefits of SLs are ridiculous and entirely without merit. Keith -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
